som*_*one 21 java spring spring-mvc spring-security twitter-bootstrap
我正在我的HTML文件(百万美元模板)中使用Spring Security和Bootstrap构建一个Spring MVC应用程序.Spring Security部分基于Spring Security for Spring Security,并与Spring Boot应用服务器相结合.
启用Spring Security后,引导程序css文件将不会加载错误消息:
Refused to execute script from 'http://localhost:8080/js/bootstrap.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
上面的错误消息来自chrome开发人员控制台.
我尝试过的:
permit呼叫的资源路径我的目标结构:
/main
|-> /java
| BootStart.java
|-> /security
|SecurityConfiguration.java
|-> /resources
|-> /static
|-> /css /** bootstrap location */
|-> /js
|-> /fonts
|-> /templates
| /user
| sample.html
BootStart.java是Spring Boot获取的java文件.
BootStart.java:
@EnableAutoConfiguration
@ComponentScan
public class BootStart {
public static void main(String[] args) {
SpringApplication.run(BootStart.class, args);
}
}
SecurityConfiguration.java:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
http
.authorizeRequests()
.antMatchers("/", "/resources/static/**").permitAll()
.anyRequest().authenticated();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
Sample.html:
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" th:href="@{/css/bootstrap.css}" href="../../css/bootstrap.min.css"/>
<link rel="stylesheet" th:href="@{/css/bootstrap-theme.css}" href="../../css/bootstrap-theme.min.css"/>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<div class="alert alert-danger" role="alert">!Basic template!</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
</body>
</html>
目前我在我的pom中使用以下依赖项:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
我如何配置Spring Security,我可以从我的/ static资源目录加载css/js文件?
Mav*_*arn 18
请用其他类似问题查看此答案.
如果将js文件放在/js/dir中,则不应该出现这种MIME错误.
而且,对于javascript文件,最好为它们禁用安全性:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/the_js_path/**");
}
小智 9
使用相同的文件夹结构,我也遇到相同的错误,它在css文件中。
我所做的全部添加/css/**到antMatcher()中,如下所示:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers("/css/**").permitAll() //Adding this line solved it
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.loginProcessingUrl("/sign-in")
.defaultSuccessUrl("/home")
.failureUrl("/error")
.and()
.logout()
.logoutSuccessUrl("/logout")
.permitAll()
.and()
.csrf().disable();
}
在您的情况下,只需添加/js/**antMatcher()然后使用allowAll()
| 归档时间: |
|
| 查看次数: |
20975 次 |
| 最近记录: |